Sensitive information such as an account identifier is typically stored in a secure element of a communication device for protection. Examples of a secure element may include a subscriber identity module (SIM) card or a specialized integrated chip embedded into the communication device. A secure element is considered secure because information is stored in tamper-resistant hardware, which protects the information from malware or viruses that can infect the operating system or an application running on the communication device. However, the secure element of a communication device is typically under the control of a network operator such as a mobile network operator (MNO). To gain access to the secure element in order to provision sensitive information to it, an entity may have to establish commercial agreements and technical connectivity with the party controlling the secure element to perform over-the-air (OTA) personalization of the secure element. This process is both cumbersome and complex. Furthermore, incorporating a secure element adds to the manufacturing cost of the communication device and increases the cost of the finished communication device. Thus, in some cases, it would be desirable not to rely on a secure element to store sensitive information on a communication device. However, if a secure element is not used to protect the sensitive information, security of the sensitive information will be a concern.
Embodiments of the invention address this and other problems, both individually and collectively.